CIS OVAL Repository0.15.11.12018-12-19T08:55:03DEPRECATED: ELSA-2010-0062 -- bind security update (moderate)Oracle Linux 5bind[30:9.3.6-4.P1.2]
- NSEC validation code could cause wrong NXDOMAIN responses (#554851,
CVE-2010-0097)
- improve fix for CVE-2009-4022 (#538744)
- {C,D}NAMEs could be returned to clients without proper DNSSEC validation
- don't validate + cache out-of-bailiwick data returned with a secure answer.
Refetch it instead.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10RHSA-2012:0744: python security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6pythonPython before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2011-0554 -- python security, bug fix, and enhancement update (moderate)Oracle Linux 6pythonpython-docspython:
[2.6.6-20]
Resolves: CVE-2010-3493Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10ELSA-2010:0770: java-1.6.0-sun security update (Critical)Oracle Linux 5java-1.6.0-sunUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-4306-1 -- python2.7 -- security updateDebian 9python2.7Multiple security issues were discovered in Python.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10USN-869-1 -- linux vulnerabilityUbuntu 9.10linuxDavid Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalationSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3703-1 -- bind9 -- security updateDebian 8bind9Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate.
This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects recursive resolvers.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1644-1 mplayer - integer overflowsDebian GNU/Linux 4.0mplayerFelipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously crafted video file.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3441-1 -- perl -- security updateDebian 8perlDavid Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:1124-1 -- Security update for flash-playerSUSE Linux Enterprise Desktop 11flash-playerAdobe Flash Player has been updated to 11.2.202.406 which fixes various
security issues.
These updates:
* resolve a memory leakage vulnerability that could have been used to
bypass memory address randomization (CVE-2014-0557).
* resolve a security bypass vulnerability (CVE-2014-0554).
* resolve a use-after-free vulnerability that could have led to code
execution (CVE-2014-0553).
* resolve memory corruption vulnerabilities that could have led to
code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550,
CVE-2014-0551, CVE-2014-0552, CVE-2014-0555).
* resolve a vulnerability that could have been used to bypass the same
origin policy (CVE-2014-0548).
* resolve a heap buffer overflow vulnerability that could have led to
code execution (CVE-2014-0556, CVE-2014-0559).
More information can be found on
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
Security Issues:
* CVE-2014-0547
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0547>
* CVE-2014-0548
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0548>
* CVE-2014-0549
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0549>
* CVE-2014-0550
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0550>
* CVE-2014-0551
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0551>
* CVE-2014-0552
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0552>
* CVE-2014-0553
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0553>
* CVE-2014-0554
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0554>
* CVE-2014-0555
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0555>
* CVE-2014-0556
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0556>
* CVE-2014-0557
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0557>
* CVE-2014-0559
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0559>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2014:0247: gnutls security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5gnutlslib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.Sergey ArtykhovDRAFTINTERIMMaria MikhnoACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-2208-2 bind9 -- denial of serviceDebian GNU/Linux 5.0bind9The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains. Configurations not using DNSSEC validations are not affected by this issue.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-997-1 -- firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilitiesUbuntu 8.04Ubuntu 10.10Ubuntu 10.04Ubuntu 9.04Ubuntu 9.10firefoxfirefox-3.0firefox-3.5xulrunner-1.9.1xulrunner-1.9.2Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri Gribenko discovered that Firefox did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the programSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2891-2 -- mediawiki, mediawiki-extensions -- security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0mediawikimediawiki-extensionsSeveral vulnerabilities were discovered in MediaWiki, a wiki engine.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1744-1 weechat -- missing input sanitisationDebian GNU/Linux 5.0weechatSebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 0.2.6-1+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.2.6.1-1.
We recommend that you upgrade your weechat packages.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10patch IE7-KB929969-WindowsXP-x86-enu.exe should be installedMicrosoft Windows XPMicrosoft Internet Explorer 7The patch IE7-KB929969-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTED5.10DSA-2801-1 libhttp-body-perl - design errorDebian GNU/Linux 7Debian GNU/kFreeBSD 7libhttp-body-perlJonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-2064-1 -- linux vulnerabilitiesUbuntu 10.04linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1866 kdegraphics -- several vulnerabilitiesDebian GNU/Linux 5.0Debian GNU/Linux 4.0kdegraphicsTwo security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the KSVG animation element implementation suffers from a null pointer dereference flaw, which could lead to the execution of arbitrary code. 
It was discovered that the KSVG animation element implementation is prone to a use-after-free flaw, which could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10RHSA-2013:0958: java-1.7.0-openjdk security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1568 b2evolution -- insufficient input sanitisingDebian GNU/Linux 4.0b2evolution"unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-YU-2014:1021-1 -- YOU update for Software Update StackSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Software Update StackThis update for the Software Update Stack provides the several fixes and
enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-2135-1 -- linux-lts-quantal vulnerabilitiesUbuntu 12.04linux-lts-quantalSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1980-1 ircd-hybrid/ircd-ratbox -- integer underflow/denial of serviceDebian GNU/Linux 5.0ircd-hybrid/ircd-ratboxDavid Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code. This issue affects both, ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue. For the stable distribution, this problem has been fixed in version 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in version 2.2.8.dfsg-2+lenny1 of ircd-ratbox. Due to a bug in the archive software it was not possible to release the fix for the oldstable distribution simultaneously. The packages will be released as version 7.2.2.dfsg.2-3+etch1 once they become available. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3035-1 bash - security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0bashTavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169).
With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1612 ruby1.8 -- several vulnerabilitiesDebian GNU/Linux 4.0ruby1.8Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. 
It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrarySecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3827-1 -- jasper -- security updateDebian 8jasperMultiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2012:0434: flash-plugin security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6flash-pluginThe NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2012:0062: t1lib security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6t1libOff-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3SUSE-RU-2013:0472-1 -- Recommended update for hwinfoSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11hwinfoThis update for hwinfo fixes the kernel log parser to
correctly read time stamps prefixed to each logged line
and adds support to a new model of fingerprint reader.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-713-1 -- openjdk-6 vulnerabilitiesUbuntu 8.10openjdk-6It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. It was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. It was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possible leading to other exploits. Overflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. It was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. It was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive informationSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3266-1 -- fuse -- security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0Debian 8fuseTavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. 
A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2014-3077 -- bash security update (Critical)Oracle Linux 5bash[3.2-33.1.0.1]
- Preliminary fix for CVE-2014-7169Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-2073-1 -- linux vulnerabilitiesUbuntu 13.04linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1348-1 -- ICU vulnerabilityUbuntu 11.04Ubuntu 11.10Ubuntu 10.04Ubuntu 10.10ICUicu: International Components for Unicode library ICU could be made to crash or run programs as your login if it opened specially crafted data.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3542-1 -- mercurial -- security updateDebian GNU/Linux 7Debian GNU/kFreeBSD 7Debian 8mercurialSeveral vulnerabilities have been discovered in Mercurial, a distributed version control system.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2013:1142: thunderbird security update (Important)Oracle Linux 6Oracle Linux 5thunderbirdMozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3ELSA-2011:0959: mutt security update (Moderate)Oracle Linux 6muttMutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3RHSA-2012:1081: sudo security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6sudosudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a 
netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2013:0500: hplip security, bug fix and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6hplipHP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-3017-1 php-cas - security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0php-casMarvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:1464-1 -- Security update for wget (moderate)SUSE Linux Enterprise Desktop 12wgetwget was updated to fix one security issue.
This security issue was fixed:
- FTP symlink arbitrary filesystem access (CVE-2014-4877).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2009:1039 -- ntp security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5ntpAn updated ntp package that fixes two security issues is now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2011:0436: avahi security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5avahiavahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-1079-1 -- openjdk-6 vulnerabilitiesUbuntu 10.10Ubuntu 9.10Ubuntu 10.04openjdk-6It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations.
Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptorSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2012:0880: qt security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6qtStack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-1243-1 -- linux vulnerabilitiesUbuntu 10.10linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-991-1 -- quassel vulnerabilityUbuntu 10.04Ubuntu 9.04Ubuntu 9.10quasselJima discovered that quassel would respond to a single privmsg containing multiple CTCP requests with multiple NOTICEs, possibly resulting in a denial of service against the IRC connection.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED5.4DSA-3280-1 -- php5 -- security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0Debian 8php5Multiple vulnerabilities have been discovered in PHP.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-2203-1 -- linux vulnerabilityUbuntu 13.10linuxThe system could be made to crash or run programs as an administrator.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3951-1 -- smb4k -- security updateDebian 8smb4kSebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2876-1 cups - security updateDebian GNU/Linux 6.0Debian GNU/kFreeBSD
6.0cupsFlorian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:1615-1 -- Security update for pidgin (moderate)SUSE Linux Enterprise Desktop 12pidginThis pidgin security update fixes the following issues:
- bnc#902408: remote information leak via crafted XMPP message.
(CVE-2014-3698)
- bnc#902410: denial of service parsing Groupwise server message.
(CVE-2014-3696)
- bnc#902409: crash in MXit protocol plug-in. (CVE-2014-3695)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2011:1241: ecryptfs-utils security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6ecryptfs-utils** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-2848-1 mysql-5.5 - severalDebian GNU/Linux 7Debian GNU/kFreeBSD 7mysql-5.5Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2369-1 libsoup2.4 -- insufficient input sanitisationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libsoup2.4It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1741 psi -- integer overflowDebian GNU/Linux 5.0psiJesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. The old stable distribution (etch) is not affected.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2414-2 fex -- insufficient input sanitisationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0fexIt was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. 
Updated packages are now available to address this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-2252-1 -- linux-ec2 vulnerabilitiesUbuntu 10.04linux-ec2Several security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2802-1 nginx - restriction bypassDebian GNU/Linux 7Debian GNU/kFreeBSD 7nginxIvan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2011:0910: ruby security update (Moderate)Oracle Linux 6rubyThe safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2010-0859 -- poppler security update (important)Oracle Linux 6poppler[0.12.4-3.el6.1]
- Add poppler-0.12.4-CVE-2010-3702.patch
(Properly initialize parser)
- Add poppler-0.12.4-CVE-2010-3703.patch
(Properly initialize stack)
- Add poppler-0.12.4-CVE-2010-3704.patch
(Fix crash in broken pdf (code < 0))
- Resolves: #639859Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-2567-1 request-tracker3.8 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker (RT), an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2013:0389-1 -- Security update for ApacheSUSE Linux Enterprise Server 11ApacheThis update fixes the following issues:
* CVE-2012-4557: Denial of Service via special requests
in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problemSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2012:0973: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6nsprnssnss-utilNetwork Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
It was found that a Certificate Authority (CA) issued a subordinate CA
certificate to its customer, that could be used to issue certificates for
any name. This update renders the subordinate CA certificate as untrusted.
(BZ#798533)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
The nspr package has been upgraded to upstream version 4.9, which provides
a number of bug fixes and enhancements over the previous version.
(BZ#799193)
The nss-util package has been upgraded to upstream version 3.13.3, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#799192)
The nss package has been upgraded to upstream version 3.13.3, which
provides numerous bug fixes and enhancements over the previous version. In
particular, SSL 2.0 is now disabled by default, support for SHA-224 has
been added, PORT_ErrorToString and PORT_ErrorToName now return the error
message and symbolic name of an NSS error code, and NSS_GetVersion now
returns the NSS version string. (BZ#744070)
These updated nss, nss-util, and nspr packages also provide fixes for the
following bugs:
* A PEM module internal function did not clean up memory when detecting a
non-existent file name. Consequently, memory leaks in client code occurred.
The code has been improved to deallocate such temporary objects and as a
result the reported memory leakage is gone. (BZ#746632)
* Recent changes to NSS re-introduced a problem where applications could
not use multiple SSL client certificates in the same process. Therefore,
any attempt to run commands that worked with multiple SSL client
certificates, such as the "yum repolist" command, resulted in a
re-negotiation handshake failure. With this update, a revised patch
correcting this problem has been applied to NSS, and using multiple SSL
client certificates in the same process is now possible again. (BZ#761086)
* The PEM module did not fully initialize newly constructed objects with
function pointers set to NULL. Consequently, a segmentation violation in
libcurl was sometimes experienced while accessing a package repository.
With this update, the code has been changed to fully initialize newly
allocated objects. As a result, updates can now be installed without
problems. (BZ#768669)
* A lack-of-robustness flaw caused the administration server for Red Hat
Directory Server to terminate unexpectedly because the mod_nss module made
nss calls before initializing nss as per the documented API. With this
update, nss protects itself against being called before it has been
properly initialized by the caller. (BZ#784674)
* Compilation errors occurred with some compilers when compiling code
against NSS 3.13.1. The following error message was displayed:
pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not defined
An upstream patch has been applied to improve the code and the problem no
longer occurs. (BZ#795693)
* Unexpected terminations were reported in the messaging daemon (qpidd)
included in Red Hat Enterprise MRG after a recent update to nss. This
occurred because qpidd made nss calls before initializing nss. These
updated packages prevent qpidd and other affected processes that call nss
without initializing as mandated by the API from crashing. (BZ#797426)
Users of NSS, NSPR, and nss-util are advised to upgrade to these updated
packages, which fix these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-4318-1 -- moin -- security updateDebian 9moinNitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki.
A remote attacker can conduct cross-site scripting attacks via the GUI editor's link dialogue. This only affects installations which have set up fckeditor (not enabled by default).Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1739 mldonkey -- path traversalDebian GNU/Linux 5.0mldonkeyIt has been discovered that mldonkey, a client for several P2P networks, allows attackers to download arbitrary files using crafted requests to the HTTP console. The old stable distribution (etch) is not affected by this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2010:0918: cvs security update (Moderate)Red Hat Enterprise Linux 6cvsArray index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate)Oracle Linux 5openssl[0.9.8e-12.1]
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
is called prematurely by application (#546707)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-3563-1 -- poppler -- security updateDebian 8popplerIt was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10SUSE-RU-2014:0356-1 -- Recommended update for microcode_ctlSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11microcode_ctlThis update provides Intel's CPU microcode version 20140122.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-2235-1 -- linux vulnerabilitiesUbuntu 12.04linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2012:0143: xulrunner security update (Critical)Oracle Linux 5Oracle Linux 6xulrunnerInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2008:0038: postgresql security update (Moderate)Oracle Linux 5postgresqlThe DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. 
NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-2289-1 typo3-src -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcSeveral remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletionSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.6DSA-1607-1 iceweasel - several vulnerabilitiesDebian GNU/Linux 4.0iceweaselSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1712 rt2400 -- integer overflowDebian GNU/Linux 4.0rt2400It was discovered that an integer overflow in the "Probe Request" packet parser of the Ralinktech wireless drivers might lead to remote denial of service or the execution of arbitrary code. Please note that you need to rebuild your driver from the source package in order to set this update into effect. Detailed instructions can be found in /usr/share/doc/rt2400-source/README.DebianSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3418-1 -- chromium-browser -- security updateDebian 8chromium-browserSeveral vulnerabilities have been discovered in the chromium web browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2021 spamass-milter -- missing input sanitisationDebian GNU/Linux 5.0spamass-milterA missing input sanitisation in spamass-milter, a milter used to filter mail through spamassassin, was discovered. 
This allows a remote attacker to inject and execute arbitrary shell commands.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.4ELSA-2007:0057: bind security update (Moderate)Oracle Linux 5bindISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3SUSE-SU-2014:1366-2 -- Security update for wget (important)SUSE Linux Enterprise Server 11wgetwget was updated to fix one security issue and two non-security issues:
* FTP symbolic link arbitrary filesystem access (CVE-2014-4877).
* Fix displaying of download time (bnc#901276).
* Fix 0 size FTP downloads after failure (bnc#885069).
Security Issues:
* CVE-2014-4877
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2010:0782: firefox security update (Critical)Oracle Linux 5firefoxnssxulrunnerThe LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3SUSE-RU-2014:0757-1 -- Recommended update for yast2-samba-clientSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11yast2-samba-clientThis update for yast2-samba-client provides the following fixes:
* Remove CTDB crm resource hierarchy assumption. (bnc#813462)
* Fix standalone Active Directory join from a HA cluster. (bnc#865445)
* Fix handling of CTDB primitives containing hyphens.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2013-1114 -- bind security update (important)Oracle Linux 6bind[32:9.8.2-0.17.rc1.0.2.el6_4.5]
- bump release and build for ULN
[32:9.8.2-0.17.rc1.5]
- fix CVE-2013-4854Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DEPRECATED: SUSE-RU-2014:1063-1 -- Recommended update for nss_ldapSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11nss_ldapThis update for nss_ldap provides fixes for several issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3SUSE-SU-2015:0866-1 -- Security update for gd (low)SUSE Linux Enterprise Server 12SUSE Linux Enterprise Desktop 12gdThe graphics drawing library gd was updated to fix one security issue.
The following vulnerability was fixed:
* possible buffer read overflow (CVE-2014-9709)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2009:1620: bind security update (Moderate)Oracle Linux 5bindUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-2028-1 xpdf -- multipleDebian GNU/Linux 5.0xpdfSeveral vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. CVE-2009-3604 NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. CVE-2009-3606 Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3608 Integer overflows in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3609 Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. For the stable distribution, this problem has been fixed in version 3.02-1.4+lenny2. 
For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.02-2.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2014:0687: libtasn1 security update (Moderate)Red Hat Enterprise Linux 7CentOS Linux 7libtasn1The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing
and structures management, and Distinguished Encoding Rules (DER) encoding
and decoding functions.
It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)
Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)
Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)
Red Hat would like to thank GnuTLS upstream for reporting these issues.
All libtasn1 users are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the libtasn1 library must be restarted.Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-1552-1 -- keystone vulnerabilitiesUbuntu 12.04keystoneTwo security issues were fixed in OpenStack Keystone.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2012:1088: firefox security update (Critical)Oracle Linux 5Oracle Linux 6firefoxxulrunnerMozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3DSA-2687-1 libfs - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libfsIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2012:1037: postgresql and postgresql84 security update (Moderate)Oracle Linux 5Oracle Linux 6postgresql84postgresqlPostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3ELSA-2013:0815: httpd security update (Moderate)Oracle Linux 6Oracle Linux 
5httpdmod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3SUSE-SU-2013:0456-2 -- Security update for JavaSUSE Linux Enterprise Server 10JavaIBM Java 6 has been updated to SR13 which fixes various
critical security issues and bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-945-1 -- clamav vulnerabilitiesUbuntu 10.04Ubuntu 9.04Ubuntu 9.10clamavIt was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable file and crash ClamAV. This issue only affected Ubuntu 10.04 LTSSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2012:1551: mysql security update (Important)Oracle Linux 6mysqlStack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-2776-1 drupal6 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0drupal6Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1804-1 ipsec-tools -- null pointer dereference, memory leaksDebian GNU/Linux 5.0Debian GNU/Linux 4.0ipsec-toolsSeveral remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the following problems: Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. This results in the daemon crashing which can be used for denial of service attacks. 
Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service. For the oldstable distribution, this problem has been fixed in version 1:0.6.6-3.1etch3. For the stable distribution, this problem has been fixed in version 1:0.7.1-1.3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1:0.7.1-1.5. We recommend that you upgrade your ipsec-tools packages.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10DSA-2019 pango1.0 -- missing input sanitisationDebian GNU/Linux 5.0pango1.0Marc Schoenefeld discovered an improper input sanitisation in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2009:0479: perl-DBD-Pg security update (Moderate)Oracle Linux 5perl-DBD-PgMemory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2014:0311: php security update (Critical)Oracle Linux 5phpArray index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial 
of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.Sushant Kumar SinghDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3SUSE-RU-2013:0556-1 -- Recommended update for LibreOfficeSUSE Linux Enterprise Desktop 11LibreOfficeThis collective update for LibreOffice provides many fixes
and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2013-0602 -- java-1.7.0-openjdk security update (critical)Oracle Linux 6java-1.7.0-openjdk[1.7.0.9-2.3.8.0.0.1.el6_4]
- Update DISTRO_NAME in specfile
[1.7.0.9-2.3.8.0el6]
- Revert to rhel 6.3 version of spec file
- Revert to icedtea7 2.3.8 forest
- Resolves: rhbz#917183
[1.7.0.11-2.4.0.pre5.el6]
- Update to latest snapshot of icedtea7 2.4 forest
- Resolves: rhbz#917183
[1.7.0.9-2.4.0.pre4.3.el6]
- Updated to icedtea 2.4.0.pre4,
- Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530
[1.7.0.9-2.4.0.pre3.3.el6]
- Updated to icedtea 2.4.0.pre3, updated!
- Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530
[1.7.0.9-2.4.0.pre2.3.el6]
- Removed testing
- mauve was outdated and
- jtreg was icedtea relict
- Updated to icedtea 2.4.0.pre2, updated?
- Added java -Xshare:dump to post (see 513605) fo jitarchs
- Resolves: rhbz#911530
[1.7.0.11-2.4.0.2.el6]
- Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch
- Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch
- Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch
- Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch
- NSS enabled by default - enable_nss set to 1
- rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch
- rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch
- Resolves: rhbz#831734
[1.7.0.11-2.4.0.1.el6]
- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch
- Added jxmd and idlj to alternatives
- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true
- Unapplied patch302 and deleted systemtap.patch
- buildver increased to 11
- icedtea_version set to 2.4.0
- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch
- removed tmp-patches source tarball
- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar
- Disabled nss - enable_nss set to 0
- Resolves: rhbz#895034Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10USN-1615-1 -- python3.2 vulnerabilitiesUbuntu 12.10Ubuntu 12.04Ubuntu 11.10Ubuntu 11.04python3.2Several security issues were fixed in Python 3.2.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2014-0304 -- mutt security update (important)Oracle Linux 6mutt[5:1.5.20-4.20091214hg736b6a]
- Resolves: #1075872 (CVE-2014-0467, heap-based buffer overflow when parsing
certain headers)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoDEPRECATEDDEPRECATED5.10ELSA-2011:0025: gcc security and bug fix update (Low)Oracle Linux 5gccAbsolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3RHSA-2014:1166: jakarta-commons-httpclient security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6CentOS Linux 7jakarta-commons-httpclientJakarta Commons HTTPClient implements the client side of HTTP standards.
It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2012:0324: libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libxml2libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-829-1 -- qt4-x11 vulnerabilityUbuntu 8.10Ubuntu 8.04Ubuntu 9.04qt4-x11It was discovered that Qt did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicationsSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2013:0554-1 -- Security update for OpenSSLSUSE Linux Enterprise Server 10SUSE Linux Enterprise Desktop 10OpenSSLOpenSSL has been updated to fix several security issues:
*
CVE-2012-4929: Avoid the openssl CRIME attack by
disabling SSL compression by default. Setting the
environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"
enables compression again.
Please note that openssl on SUSE Linux Enterprise 10
is not built with compression support.
*
CVE-2013-0169: Timing attacks against TLS could be
used by physically local attackers to gain access to
transmitted plain text or private key material. This issue
is also known as the "Lucky-13" issue.
*
CVE-2013-0166: An OCSP invalid key denial of service
issue was fixed.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-1430-4 -- apparmor updateUbuntu 12.04Ubuntu 11.10Ubuntu 11.04Ubuntu 10.04apparmorThis update provides updates for the AppArmor profile abstractions.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.4USN-1531-1 -- linux vulnerabilitiesUbuntu 11.04linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1573-1 -- linux-ec2 vulnerabilitiesUbuntu 10.04linux-ec2Several security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserializationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libcommons-fileupload-javaIt was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1645 lighttpd -- variousDebian GNU/Linux 4.0lighttpdSeveral local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: A memory leak in the http_request_parse function could be used by remote attackers to cause lighttpd to consume memory, and cause a denial of service attack. 
Inconsistent handling of URL patterns could lead to the disclosure of resources a server administrator did not anticipate when using rewritten URLs. Upon filesystems which don't handle case-insensitive paths differently it might be possible that unanticipated resources could be made available by mod_userdir.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-843-1 -- backuppc vulnerabilityUbuntu 8.10Ubuntu 8.04Ubuntu 9.04backuppcIt was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1767-1 multipath-tools -- insecure file permissionsDebian GNU/Linux 5.0Debian GNU/Linux 4.0multipath-toolsIt was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd prevent access to storage devices or corrupt file system data. For the oldstable distribution, this problem has been fixed in version 0.4.7-1.1etch2. For the stable distribution, this problem has been fixed in version 0.4.8-14+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.4.8-15. We recommend that you upgrade your multipath-tools packages.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-4088-1 -- gdk-pixbuf -- security updateDebian 8Debian 9gdk-pixbufIt was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result
in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1756 xulrunner -- multiple vulnerabilitiesDebian GNU/Linux 5.0xulrunnerSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. 
You are strongly encouraged to upgrade to stable or switch to a still supported browser.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-610-1 -- ltsp vulnerabilityUbuntu 6.06Ubuntu 7.04Ubuntu 7.10ltspChristian Herzog discovered that it was possible to connect to any LTSP client's X session over the network.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-RU-2014:0083-1 -- Recommended update for openldap2SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11openldap2This update for openldap2 fixes an issue in the package's
pre-installation script that could cause an install error
when building images with Kiwi.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2013-0604 -- java-1.6.0-openjdk security update (important)Oracle Linux 5java-1.6.0-openjdk[ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9]
- Add oracle-enterprise.patch
[1:1.6.0.0-1.36.1.11.9]
- Updated to icedtea6 1.11.9
- Resolves: rhbz#917176Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10SUSE-RU-2014:0621-1 -- Recommended update for x11-input-wacomSUSE Linux Enterprise Desktop 11x11-input-wacomThis update provides a new version of X.Org's Wacom input
driver, fixing issues and bringing various enhancements:
* Fix namespace of non-static driver functions to not
conflict with other drivers.
* Make sure serial number is available for proximity
event logging.
* Fix the 'lost button event' issue when pen hits the
tablet too fast.
* Implement logging of events and fix up some of the
existing debug messages in the driver.
* Add new options to the wacom(4) man page.
(bnc#869431, bnc#860803, FATE#316712)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-1512-1 evolution - remote code executionDebian GNU/Linux 4.0evolutionUlf Härnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2910-1 qemu-kvm - security updateDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7qemu-kvmMichael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2015-1002 -- Oracle xenOracle Linux 5xenThe Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-3750-2 -- libphp-phpmailer -- security updateDebian 8libphp-phpmailerDawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2672-1 kfreebsd-9 - interpretation conflictDebian GNU/kFreeBSD 7kfreebsd-9Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3343-1 -- twig -- security updateDebian 8twigJames 
Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2012-0308 -- busybox security and bug fix update (low)Oracle Linux 5busybox[1:1.2.0-13]
- Resolves: #768083 'busybox various flaws' including:
'buffer underflow in decompression'
'udhcpc insufficient checking of DHCP options'
[1:1.2.0-12]
- Resolves: #756723
'Kdump fails after findfs subcommand of busybox fails'
[1:1.2.0-11]
- Resolves: #689659
''busybox cp' does not return a correct exit code when 'No space left on device''Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-1885-1 xulrunner -- severalDebian GNU/Linux 5.0xulrunnerSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3071 Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3072 Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3074 Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-3075 Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3076 Jesse Ruderman discovered that the user interface for installing/ removing PKCS #11 security modules wasn’t informative enough, which might allow social engineering attacks. CVE-2009-3077 It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. CVE-2009-3078 Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar. For the stable distribution, these problems have been fixed in version 1.9.0.14-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. 
You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.14-1. For the experimental distribution, these problems have been fixed in version 1.9.1.3-1. We recommend that you upgrade your xulrunner package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:0847-1 -- Security update for novell-qtgui, novell-ui-baseSUSE Linux Enterprise Desktop 11novell-qtguinovell-ui-basePackages novell-ui-base and novell-qtgui were updated to prevent erroneous rights assignment when a user is granted 'File Scan' rights (F).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-4112-1 -- xen -- security updateDebian 9xenMultiple vulnerabilities have been discovered in the Xen hypervisor.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2435-1 gnash -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gnashSeveral vulnerabilities have been identified in Gnash, the GNU Flash player. CVE-2012-1175 Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted SWF file. CVE-2011-4328 Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie files are stored under /tmp and have predictable names, vulnerability that allows a local attacker to overwrite arbitrary files the users has write permissions for, and are also world-readable which may cause information leak. CVE-2010-4337 Jakub Wilk discovered an unsafe management of temporary files during the build process. 
Files are stored under /tmp and have predictable names, vulnerability that allows a local attacker to overwrite arbitrary files the users has write permissions for.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1700-2 -- linux-ti-omap4 regressionUbuntu 12.10linux-ti-omap4USN-1700-1 introduced a regression in the Linux kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-686-1 -- awstats vulnerabilityUbuntu 6.06Ubuntu 7.10Ubuntu 8.04Ubuntu 8.10awstatsMorgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2014:0679: openssl security update (Important)Red Hat Enterprise Linux 7CentOS Linux 7opensslOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTED5.10DSA-3068-1 -- konversation security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0konversationIt was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2009:0478: acroread security update (Critical)Oracle Linux 5acroreadThe customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-1158-1 -- curl vulnerabilitiesUbuntu 11.04Ubuntu 8.04Ubuntu 10.04Ubuntu 10.10curlcurl: HTTP, HTTPS, and FTP client and client libraries Details: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount of callback data sent to an application that requests automatic decompression. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. This issue only affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. USN 818-1 fixed an issue with curl's handling of SSL certificates with zero bytes in the Common Name. Due to a packaging error, the fix for this issue was not being applied during the build. This issue only affected Ubuntu 8.04 LTS. We apologize for the error. 
Original advisory Multiple vulnerabilities in curl.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1933-1 -- linux-ti-omap4 vulnerabilitiesUbuntu 12.10linux-ti-omap4Several security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2014:0474: struts security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5strutsApache Struts is a framework for building web applications with Java.
It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)
All struts users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using struts must be restarted for this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-3831-1 -- firefox-esr -- security updateDebian 8firefox-esrMultiple security issues have been found in the Mozilla Firefox web browser:
Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2073 mlmmj -- insufficient input sanitisingDebian GNU/Linux 5.0mlmmjFlorian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2013:1097-2 -- Security update for xorg-x11-libXfixesSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xorg-x11-libXfixesThis update of xorg-x11-libXfixes fixed an integer overflow
issue.
Bug 815451/821667 CVE-2013-1983
Security Issues:
* CVE-2013-1983
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2011:0206: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3RHSA-2011:1459: bind97 security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5bind97query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-4036-1 -- mediawiki -- security updateDebian 9mediawikiMultiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:0466-1 -- Security update for xinetdSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11xinetdThe multiplexing system xinetd was updated to fix security
issues and a bug.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1414-1 wireshark - several vulnerabilitiesDebian GNU/Linux 4.0wiresharkSeveral remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2010:0894: systemtap security update (Important)Oracle Linux 5Oracle Linux 6systemtapThe staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2012:1266: bind97 security update (Important)Oracle Linux 5bind97ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2011-0600 -- dovecot security and enhancement update (moderate)Oracle Linux 6dovecot[2.0.9-2]
- fix issues and assert crashes found in 2.0.9 (lmtp,dotlock,zlib)
[2.0.9-1]
- dovecot updated to 2.0.9
- fixed a high system CPU usage / high context switch count performance problem
- lda: Fixed a crash when trying to send 'out of quota' reply
[2.0.8-1]
- dovecot updated to 2.0.8 (fixes #654226), pigeonhole updated to 0.2.2
- IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of changes were being sent.
- Fixed leaking fds when writing to dovecot.mailbox.log.
- Fixed rare dovecot.index.cache corruption
- zlib: Fixed several crashes, which mainly showed up with mbox.
- acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy.
- mdbox: Fixed potential assert-crash when saving multiple messages
in one transaction
- dsync: a lot of fixes
- fixed lda + sieve crashSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DEPRECATED: ELSA-2012-0322 -- java-1.6.0-openjdk security update (important)Oracle Linux 5java-1.6.0-openjdk[1.6.0.0-1.25.1.10.6.0.1.el5_8]
- Add oracle-enterprise.patch
[1:1.6.0.0-1.25.1.10.6]
- Updated to IcedTea6 1.10.6
- Resolves: rhbz#787142
- Security fixes
- S7082299: Fix in AtomicReferenceArray
- S7088367: Fix issues in java sound
- S7110683: Issues with some KeyboardFocusManager method
- S7110687: Issues with TimeZone class
- S7110700: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704: Issues with some method in corba
- S7112642: Incorrect checking for graphics rendering object
- S7118283: Better input parameter checking in zip file processing
- S7126960: Add property to limit number of request headers to the HTTP Server
- Bug fixes
- RH580478: Desktop files should not use hardcoded path
- Removed and deleted upstreamed patch7 - name-rmi-fix.patch
- Removed and deleted upstreamed Hugepages patches:
- Source100: 7034464-hugepage.patch
- Source101: 7037939-hugepage.patch
- Source102: 7043564-hugepage.patchSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10USN-1172-1 -- logrotate vulnerabilitiesUbuntu 11.04Ubuntu 8.04Ubuntu 10.04Ubuntu 10.10logrotatelogrotate: Log rotation utility An attacker could cause logrotate to run programs, stop working, or read and write arbitrary files.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2010-0675 -- sudo security update (important)Oracle Linux 5sudo[1.7.2p1-8]
- added patch for CVE-2010-2956 (#628628)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-2077-1 openldap -- severalDebian GNU/Linux 5.0openldapTwo remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string. For the stable distribution, this problem has been fixed in version 2.4.11-1+lenny2. For the unstable distribution, this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3191-1 -- gnutls26 -- security updateDebian GNU/Linux 7.0Debian GNU/kFreeBSD 7.0gnutls26Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1638-1 openssh - denial of serviceDebian 4.0opensshIt has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109, http://security-tracker.debian.org/tracker/CVE-2008-4109).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-4010-1 -- git-annex -- security updateDebian 8Debian 9git-annexIt was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. 
This allowed an attacker to run an arbitrary shell command.Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2012:0748: libvirt security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6libvirtlibvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2012:0862: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2012-1261 -- dbus security update (moderate)Oracle Linux 6dbus[1:1.2.24-7.0.1.el6_3 ]
- fix netlink poll: error 4 (Zhenzhong Duan)
[1:1.2.24-7]
- Resolves: #854821
[1:1.2.24-6]
- Apply patches for CVE-2011-2200
- Resolves: #725314Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-3791-1 -- linux -- security updateDebian 8linuxSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-1395-1 xen-3.0 - insecure temporary filesDebian GNU/Linux 4.0xen-3.0Steve Kemp from the Debian Security Audit project discovered that xen-utils, a collection of XEN administrative tools, used temporary files insecurely within the xenmon tool allowing local users to truncate arbitrary files.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2010:0633: qspice security update (Important)Oracle Linux 5qspicelibspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2010:0578: freetype security update (Important)Oracle Linux 5freetypeBuffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2013-1778 -- gimp security update (moderate)Oracle Linux 5Oracle Linux 6gimp[2:2.6.9-6]
- fix overflow in XWD loader (CVE-2013-1913, CVE-2013-1978)
[2:2.6.9-5]
- fix overflow in XWD loader (#879302)
[2:2.6.9-5]
- fix overflow in GIF loader (#847303)
[2:2.6.9-5]
- fix overflows in GIF, CEL loaders (#727800, #839020)
[2:2.6.9-4.1]
- fix various overflows (#666793, #703403, #703405, #703407, #704512)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10SUSE-SU-2014:1316-1 -- Security update for Linux kernel (important)SUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11Linux kernelThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: SUSE-RU-2014:1048-1 -- Recommended update for aaa_baseSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11aaa_baseThis update for aaa_base provides the several fixes and enhancements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3ELSA-2013:0132: autofs security, bug fix, and enhancement update (Low)Oracle Linux 5autofsUnspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map."Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2012:1351: thunderbird security update (Critical)Oracle Linux 5Oracle Linux 6thunderbirdHeap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3RHSA-2009:0449 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2014-1636 -- java-1.8.0-openjdk security update (important)Oracle Linux 6java-1.8.0-openjdk[1:1.8.0.25-1.b17]
- Update to October CPU patch update.
- Resolves: RHBZ#1148896Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: SUSE-RU-2014:1065-1 -- Recommended update for zipSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11zipThis update for zip provides the following fix:Don't clobber include/exclude pattern lists by removing path prefixes.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3ELSA-2012:1235: kvm security update (Important)Oracle Linux 5kvmQemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2011-0975 -- sssd security, bug fix, and enhancement update (low)Oracle Linux 5sssd[1.5.1-37]
- Reverts: rhbz#680443 - Dynamic DNS update fails if multiple servers are
- given in ipa_server config optionSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10ELSA-2014-0919 -- firefox security update (critical)Oracle Linux 5Oracle Linux 6firefoxxulrunner[24.7.0-1.0.1.el6_5]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one
[24.7.0-1]
- Update to 24.7.0 ESRSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-3242-1 -- chromium-browser -- security updateDebian 8chromium-browserSeveral vulnerabilities were discovered in the chromium web browser.Sergey ArtykhovAlexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10USN-1844-1 -- Linux kernel vulnerabilityUbuntu 12.04linuxThe system could be made to crash or run programs as an administrator if it received specially crafted network traffic.Maria KedovskayaDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2010:0464: flash-plugin security update (Critical)Oracle Linux 5flash-pluginAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-2480-1 request-tracker3.8 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker, an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2010:0168: httpd security and enhancement update (Moderate)Oracle Linux 5httpdThe ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.Vinay 
NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DSA-3631-1 -- php5 -- security updateDebian 8php5Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2013-0145 -- thunderbird security update (critical)Oracle Linux 5Oracle Linux 6thunderbird[10.0.12-3.0.1.el6_3]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
[10.0.12-3]
- Update to 10.0.12 ESRSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10SUSE-RU-2013:1565-1 -- Recommended update for createrepoSUSE Linux Enterprise Server 11createrepoThis update for createrepo fixes the unique names option
and adds it also to modifyrepo.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2010:0782: firefox security update (Critical)Red Hat Enterprise Linux 5CentOS Linux 5firefoxnssxulrunnerThe LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-2775-1 ejabberd - insecure SSL usageDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7ejabberdIt was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. 
This update disables the use of SSLv2 and weak ciphers.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1488-1 phpbb2 - several vulnerabilitiesDebian GNU/Linux 4.0phpbb2Several remote vulnerabilities have been discovered in phpBB, a web based bulletin board.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2013:0133: hplip3 security and bug fix update (Low)Oracle Linux 5hplip3The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-1434-1 -- samba vulnerabilityUbuntu 12.04Ubuntu 11.10Ubuntu 11.04Ubuntu 10.04sambaSamba could allow a user to gain administrative privileges to the Samba server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1418-1 cacti - SQL injectionDebian GNU/Linux 4.0cactiIt was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1903-1 graphicsmagick - severalDebian GNU/Linux 4.0Debian GNU/Linux 5.0graphicsmagickSeveral vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1772-1 -- keystone vulnerabilityUbuntu 12.10keystoneUnder certain configurations, Keystone would allow unintended access over the network.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:0881-1 -- Security update for xorg-x11-libsSUSE Linux Enterprise Server 11xorg-x11-libsThis is a SUSE Linux 
Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libs, fixing security issues and some bugs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2011-0423 -- postfix security update (moderate)Oracle Linux 6postfix[2:2.6.6-2.1]
- fix CVE-2011-0411 (#682978)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DEPRECATED: ELSA-2010-0198 -- openldap security and bug fix update (moderate)Oracle Linux 5openldap[2.3.43-12]
- updated spec file, so the compat-libs linking patch applies
correctly
[2.3.43-11]
- backported patch to handle null character in TLS
certificates (#560912)
[2.3.43-10]
- updated chase-referral patch to compile cleanly
- updated init script (#562714)
[2.3.43-9]
- updated ldap.sysconf to include SLAPD_LDAP, SLAPD_LDAPS and
SLAPD_LDAPI options (#559520)
[2.3.43-8]
- fixed connection freeze when TLSVerifyClient = allow (#509230)
[2.3.43-7]
- fixed chasing referrals in libldap (#510522)
[2.3.43-6]
- fixed possible double free() in rwm overlay (#495628)
- updated slapd man page and slapcat usage string (#468206)
- updated default config for slapd - deleted syncprov module (#466937)
- fixed migration tools autofs generated format (#460331)
- fixed migration tools numbers detection in /etc/shadow (#113857)
- fixed migration tools base ldif (#104585)
[2.3.43-5]
- implementation of limit adjustment before starting slapd (#527313)
- init script no longer executes script in /tmp (#483356)
- slapd not starting with ldap:/// every time (#481003)
- delay between TERM and KILL when shutting down slapd (#452064)
[2.3.43-4]
- fixed compat libs linking (#503734)
- activated lightweight dispatcher feature (#507276)
- detection of timeout after failed result (#495701Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10SUSE-SU-2014:0373-1 -- Security update for XenSUSE Linux Enterprise Server 11SUSE Linux Enterprise Desktop 11XenThe SUSE Linux Enterprise Server 11 Service Pack 3 Xen
hypervisor and toolset has been updated to 4.2.4 to fix
various bugs and security issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-1824-1 -- linux vulnerabilitiesUbuntu 10.04linuxSeveral security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5libvirtInteger overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2013:0752: java-1.7.0-openjdk security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2014:0370: httpd security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6httpdThe log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3End of life cycle for Microsoft .NET Framework 1.1Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET Framework 1.1Product Microsoft .NET Framework 1.1 not longer supportedMaria MikhnoDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-4333-1 -- icecast2 -- security updateDebian 9icecast2Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.Alexandr 
RuchkinDRAFTINTERIMINTERIM5.10RHSA-2013:0666: Oracle Java SE 6 - notification of end of public updates (Low)Red Hat Enterprise Linux 6java-1.6.0-sunOracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
Oracle Java SE 6 will not receive updates after February 28, 2013. The
Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6
Supplementary media and in Red Hat Network (RHN) channels will continue to
be available.
Red Hat will continue to provide these packages only as a courtesy to
customers. Red Hat will not provide updates to these packages after this
date.
Once customers update their system by installing the packages associated
with this advisory, the Oracle Java Web Plug-in will be disabled. As a
result, customers who rely on Java-based browser applets may need to
re-configure their browser to use one of the Java implementations listed
in the Solution section below.
All users of java-1.6.0-sun are advised to upgrade to these updated
packages.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3RHSA-2010:0866: cups security update (Important)Red Hat Enterprise Linux 6cupsipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-1416-1 tk8.3 - buffer overflowDebian GNU/Linux 4.0tk8.3It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2009:1561 -- libvorbis security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libvorbisUpdated libvorbis packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2014-1148 -- squid security update (Important)Oracle Linux 6Oracle Linux 5squidSquid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)
A buffer overflow flaw was found in Squid's DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)
Red Hat would like to thank the Squid project for reporting the
CVE-2014-3609 issue. Upstream acknowledges Matthew Daley as the original
reporter.
All Squid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing this
update, the squid service will be restarted automatically.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10USN-2370-1 -- apt vulnerabilityUbuntu 14.04Ubuntu 12.04aptAPT could be made to overwrite files.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-1855-1 -- libxcb vulnerabilityUbuntu 13.04Ubuntu 12.10Ubuntu 12.04Ubuntu 10.04libxcbSeveral security issues were fixed in libxcb.Maria KedovskayaDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1832-1 camlimages -- integer overflowDebian 5.0Debian 4.0camlimagesTielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. For the old stable distribution , this problem has been fixed in version 2.20-8+etch1. For the stable distribution , this problem has been fixed in version 2.2.0-4+lenny1. For the unstable distribution , this problem has been fixed in version 3.0.1-2. 
We recommend that you upgrade your camlimages package.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2013:1418: libtar security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6libtarOpen redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2011:0307: mailman security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5mailmanMultiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2010:0114: acroread security and bug fix update (Critical)Red Hat Enterprise Linux 5acroreadUnspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-1157-2 -- mozvoikko, ubufox, webfav updateUbuntu 11.04mozvoikkoubufoxwebfavmozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Original advisory This update provides provides packages compatible with Firefox 5.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileuploadSUSE Linux Enterprise Server 11jakarta-commons-fileuploadThis update fixes a security issue with
jakarta-commons-fileupload:
* bnc#862781: denial of service due to too-small buffer
size used (CVE-2014-0050)
Security Issue reference:
* CVE-2014-0050
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-1466-1 -- nova vulnerabilityUbuntu 12.04Ubuntu 11.10novaNova could be prevented from applying security group policy.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1892-1 dovecot - arbitrary code executionDebian GNU/Linux 4.0Debian GNU/Linux 5.0dovecotIt was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1614 iceweasel -- several vulnerabilitiesDebian GNU/Linux 4.0iceweaselSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DEPRECATED: USN-588-1 -- mysql-dfsg-5.0 vulnerabilitiesUbuntu 6.06Ubuntu 6.10Ubuntu 7.04Ubuntu 7.10mysql-dfsg-5.0Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.4ELSA-2014-1669 -- qemu-kvm security and bug fix update (low)Oracle Linux 7qemu-kvm[1.5.3-60.el7_0.10]
- kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925]
- kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925]
- kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925]
- kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925]
- Resolves: bz#1122925
(Maintain relative path to backing file image during live merge (block-commit))Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10USN-2433-1 -- tcpdump vulnerabilitiesUbuntu 14.10Ubuntu 14.04Ubuntu 12.04Ubuntu 10.04tcpdumpSteffen Bauch discovered that tcpdump incorrectly handled printing OLSR
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-8767 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8767>)
Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8768>)
Steffen Bauch discovered that tcpdump incorrectly handled printing AODV
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, reveal sensitive information, or possibly
execute arbitrary code. (CVE-2014-8769 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8769>)
It was discovered that tcpdump incorrectly handled printing PPP packets. A
remote attacker could use this issue to cause tcpdump to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2014-9140 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9140>)
In the default installation, attackers would be isolated by the tcpdump
AppArmor profile.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10DEPRECATED: USN-575-1 -- apache2 vulnerabilitiesUbuntu 6.06Ubuntu 6.10Ubuntu 7.04Ubuntu 7.10apache2It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.4SUSE-OU-2013:1785-1 -- Optional update for apache2-mod_nssSUSE Linux Enterprise Server 11apache2-mod_nssThis feature update provides a new Apache2 module "mod_nss"
which implements an https provider as a replacement of
mod_ssl. (FATE#316419)
mod_nss uses the Mozilla NSS libraries to provide SSL
support and so is able to supply TLS 1.1 and TLS 1.2 for
your Apache web server.
The package includes a README-SUSE.txt with detailed setup
instructions.
Also some glue documentation can be found in
/etc/apache2/conf.d/mod_nss.conf and covers:
* Simultaneous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for Apache configuration, Listen
directive
* Module initialization.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3DSA-2348-1 systemtap -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0systemtapSeveral vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. CVE-2010-4171 It was discovered that insufficient validation of module unloading could lead to denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2010:0003: gd security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5gdThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3SUSE-SU-2014:1141-1 -- Security update for php53SUSE Linux Enterprise Server 11php53This php53 update fixes the following security issues:
* Insecure temporary file used for cache data was fixed by switching
to a different root only directory /var/cache/php-pear.
(CVE-2014-5459)
* An incomplete fix for CVE-2014-4049. (CVE-2014-3597)
Security Issues:
* CVE-2014-5459
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459>
* CVE-2014-4049
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2007:0966: perl security update (Important)Oracle Linux 5perlBuffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2012-0323 -- httpd security update (moderate)Oracle Linux 5httpd[2.2.3-63.0.1.el5_8.1]
- Fix mod_ssl always performing full renegotiation (orabug 12423387)
- replace index.html with Oracle's index page oracle_index.html
- update vstring and distro in specfile
[2.2.3-63.1]
- add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596)
- remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10USN-764-1 -- firefox-3.0, xulrunner-1.9 vulnerabilitiesUbuntu 8.10Ubuntu 8.04Ubuntu 9.04firefox-3.0xulrunner-1.9Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private dataSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1250-1 -- empathy vulnerabilitiesUbuntu 11.10Ubuntu 11.04Ubuntu 10.10Ubuntu 10.04empathyEmpathy could be made to run programs or display webpages via specially crafted nicknames.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2014-1306 -- bash security update (Important)Oracle Linux 7Oracle Linux 6Oracle Linux 5bashThe GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)
Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. Note that certain services, screen sessions, and tmux sessions may
need to be restarted, and affected interactive users may need to re-login.
Installing these updated packages without restarting services will address
the vulnerability, but functionality may be impacted until affected
services are restarted. For more information see the Knowledgebase article
at https://access.redhat.com/articles/1200223
Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.
For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2013:0608: kvm security update (Important)Oracle Linux 5kvmBuffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2008:0485: compiz security update (Low)Oracle Linux 5compizGNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3ELSA-2007:0964: openssl security update (Important)Oracle Linux 5opensslOff-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. 
As of 20071012, it is unknown whether code execution is possible.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-1992-1 -- linux vulnerabilityUbuntu 12.04linuxThe system could be made to expose sensitive information to a local user.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10RHSA-2013:0957: java-1.7.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2010:0018: dbus security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5dbusThe _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. 
NOTE: this is due to an incorrect fix for CVE-2008-3834.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3RHSA-2012:1201: tetex security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5tetexOff-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.3USN-1499-1 -- linux-ti-omap4 vulnerabilityUbuntu 11.10linux-ti-omap4The system could be made to crash if it received specially crafted network traffic.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3860-1 -- samba -- security updateDebian 8sambasteelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.Sergey ArtykhovAlexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2011:0318: libtiff security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5libtiffBuffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. 
NOTE: some of these details are obtained from third party information.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-553-1 -- mono vulnerabilityUbuntu 6.06Ubuntu 6.10Ubuntu 7.04Ubuntu 7.10monoIt was discovered that Mono did not correctly bounds check certain BigInteger actions.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2062-1 sudo -- missing input sanitisationDebian GNU/Linux 5.0sudoAnders Kaseorg and Evan Broder discovered vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3 For the unstable distribution , this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-1956 xulrunner -- several vulnerabilitiesDebian GNU/Linux 5.0xulrunnerSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. 
Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3975-1 -- emacs25 -- security updateDebian 9emacs25Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).Alexandr RuchkinDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2011:1445: flash-plugin security update (Critical)Oracle Linux 5Oracle Linux 6flash-pluginAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoDEPRECATEDDEPRECATED5.3DSA-2017-1 pulseaudio - insecure temporary directoryDebian GNU/Linux 5.0pulseaudioDan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. 
This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-3415-1 -- chromium-browser -- security updateDebian 8chromium-browserSeveral vulnerabilities have been discovered in the chromium web browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-3683-1 -- chromium-browser -- security updateDebian 8chromium-browserSeveral vulnerabilities have been discovered in the chromium web browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2014-0293 -- udisks security update (important)Oracle Linux 6udisks[1.0.1-7.el6_5]
- Make sure doc subpackage is noarch
[1.0.1-6.el6_5]
- Put devel-docs in a separate package (related: rhbz#1070145).
[1.0.1-5.el6_5]
- Related: rhbz#1070145.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DSA-1292-1 qt4-x11Debian GNU/Linux 4.0qt4-x11Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10USN-1459-1 -- linux-ti-omap4 vulnerabilitiesUbuntu 11.10linux-ti-omap4Several security issues were fixed in the kernel.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10ELSA-2011:0918: curl security update (Moderate)Oracle Linux 6curlThe Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3USN-2330-1 -- thunderbird vulnerabilitiesUbuntu 14.04Ubuntu 12.04thunderbirdSeveral security issues were fixed in Thunderbird.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2825-1 wireshark - severalDebian GNU/Linux 7Debian GNU/kFreeBSD 7wiresharkLaurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2980-1 -- openjdk-6 - security updateDebian GNU/Linux 7Debian GNU/kFreeBSD 7openjdk-6Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.Sergey 
ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10ELSA-2009:1427: fetchmail security update (Moderate)Oracle Linux 5fetchmailsocket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2013-1436 -- kernel security and bug fix update (moderate)Oracle Linux 6kernel[2.6.32-358.23.2]
- [md] dm-snapshot: fix data corruption (Mikulas Patocka) [1004252 1004233] {CVE-2013-4299}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10DEPRECATED: ELSA-2010:0889: freetype security update (Important)Oracle Linux 5Oracle Linux 6freetypeBuffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.3DSA-1626 httrack -- buffer overflowDebian GNU/Linux 4.0httrackJoan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow potentially allowing to execute arbitrary code when passed excessively long URLs.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10SUSE-SU-2013:0835-1 -- Security update for IBM JavaSUSE Linux Enterprise Server 11SUSE Linux Enterprise Server 10IBM JavaIBM Java 1.6.0 has been updated to SR13-FP2 fixing bugs and
security issues.
<http://www.ibm.com/developerworks/java/jdk/alerts/>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10USN-2409-1 -- QEMU vulnerabilitiesUbuntu 14.10Ubuntu 14.04Ubuntu 12.04Ubuntu 10.04qemuqemu-kvmLaszlo Ersek discovered that QEMU incorrectly handled memory in the vga
device. A malicious guest could possibly use this issue to read arbitrary
host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2014-3615)
Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly
handled certain udp packets when using guest networking. A malicious guest
could possibly use this issue to cause a denial of service. (CVE-2014-3640)
It was discovered that QEMU incorrectly handled parameter validation in
the vmware_vga device. A malicious guest could possibly use this issue to
write into memory of the host, leading to privilege escalation.
(CVE-2014-3689)
It was discovered that QEMU incorrectly handled USB xHCI controller live
migration. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-5263)
Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the
ACPI PCI hotplug interface. A malicious guest could possibly use this issue
to access memory of the host, leading to information disclosure or
privilege escalation. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-5388)
James Spadaro discovered that QEMU incorrectly handled certain VNC
bytes_per_pixel values. An attacker having access to a VNC console could
possibly use this issue to cause a guest to crash, resulting in a denial of
service. (CVE-2014-7815)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10DSA-2480-3 request-tracker3.8 - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker, an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTED5.10DSA-2988-1 -- transmission - security updateDebian GNU/Linux 7Debian GNU/kFreeBSD 7transmissionBen Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.10DEPRECATED: ELSA-2012-1116 -- perl-DBD-Pg security update (moderate)Oracle Linux 5Oracle Linux 6perl-DBD-Pg[2.15.1-4]
- Resolves: rhbz#841131 (CVE-2012-1151)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoDEPRECATEDDEPRECATED5.10RHSA-2014:1655: libxml2 security update (Moderate)Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6CentOS Linux 7CentOS Linux 6libxml2The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)
All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3SUSE-SU-2014:1119-1 -- Security update for glibcSUSE Linux Enterprise Server 10glibcThis glibc update fixes a critical privilege escalation problem and the
following security and non security issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An exploit that
targets the problem is publicly available. (CVE-2014-5119)
* bnc#772242: Replace scope handing with master state
* bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412)
* bnc#818630: Fall back to localhost if no nameserver defined
* bnc#828235: Fix missing character in IBM-943 charset
* bnc#828637: Fix use of alloca in gaih_inet
* bnc#834594: Fix readdir_r with long file names (CVE-2013-4237)
Security Issues:
* CVE-2014-5119
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
* CVE-2013-4237
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237>
* CVE-2012-4412
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10RHSA-2009:1159 -- libtiff security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libtiffUpdated libtiff packages that fix several security issues are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10DSA-2923-1 openjdk-7 - security updateDebian GNU/Linux 7openjdk-7Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTED5.10ELSA-2012:0715: thunderbird security update (Critical)Oracle Linux 6Oracle Linux 5thunderbirdHeap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.Vinay NaikarDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED5.3DEPRECATED: ELSA-2012-0017 -- libxml2 security update (important)Oracle Linux 5libxml2[2.6.26-2.1.12.0.1.el5_7.2]
- Add libxml2-enterprise.patch
- Replaced docs/redhat.gif in tarball with updated image
[2.6.26-2.1.12.el5_7.2]
- Fix the semantic of XPath axis for namespace/attribute nodes CVE-2010-4008
- Fix an off by one error in encoding CVE-2011-0216
- Fix some potential problems on reallocation failures CVE-2011-1944
- Fix missing error status in XPath evaluation CVE-2011-2834
- Make sure the parser returns when getting a Stop order CVE-2011-3905
- Fix an allocation error when copying entities CVE-2011-3919.patch
- Resolves: rhbz#771906